diff options
Diffstat (limited to 'sql/encryption.cc')
-rw-r--r-- | sql/encryption.cc | 70 |
1 files changed, 31 insertions, 39 deletions
diff --git a/sql/encryption.cc b/sql/encryption.cc index 520eb8b898f..209b092b0a4 100644 --- a/sql/encryption.cc +++ b/sql/encryption.cc @@ -19,37 +19,27 @@ #include "sql_plugin.h" #include <my_crypt.h> -void init_io_cache_encryption(); - /* there can be only one encryption plugin enabled */ static plugin_ref encryption_manager= 0; struct encryption_service_st encryption_handler; -unsigned int has_key_id(uint id) -{ - return encryption_key_get_latest_version(id) != ENCRYPTION_KEY_VERSION_INVALID; -} - -unsigned int has_key_version(uint id, uint version) -{ - uint unused; - return encryption_key_get(id, version, NULL, &unused) != ENCRYPTION_KEY_VERSION_INVALID; -} - uint no_key(uint) { return ENCRYPTION_KEY_VERSION_INVALID; } -static int no_crypt(const uchar* source, uint source_length, - uchar* dest, uint* dest_length, - const uchar* key, uint key_length, - const uchar* iv, uint iv_length, - int no_padding, uint key_id, uint key_version) +static int ctx_init(void *ctx, const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, int flags, + unsigned int key_id, unsigned int key_version) { - return 1; + return my_aes_crypt_init(ctx, MY_AES_CBC, flags, key, klen, iv, ivlen); } +static unsigned int get_length(unsigned int slen, unsigned int key_id, + unsigned int key_version) +{ + return my_aes_get_size(MY_AES_CBC, slen); +} int initialize_encryption_plugin(st_plugin_int *plugin) { @@ -67,13 +57,21 @@ int initialize_encryption_plugin(st_plugin_int *plugin) st_mariadb_encryption *handle= (struct st_mariadb_encryption*) plugin->plugin->info; - encryption_handler.encryption_encrypt_func= - handle->encrypt ? handle->encrypt - : (encrypt_decrypt_func)my_aes_encrypt_cbc; + encryption_handler.encryption_ctx_size_func= + handle->crypt_ctx_size ? handle->crypt_ctx_size : + (uint (*)(unsigned int, unsigned int))my_aes_ctx_size; + + encryption_handler.encryption_ctx_init_func= + handle->crypt_ctx_init ? handle->crypt_ctx_init : ctx_init; - encryption_handler.encryption_decrypt_func= - handle->decrypt ? handle->decrypt - : (encrypt_decrypt_func)my_aes_decrypt_cbc; + encryption_handler.encryption_ctx_update_func= + handle->crypt_ctx_update ? handle->crypt_ctx_update : my_aes_crypt_update; + + encryption_handler.encryption_ctx_finish_func= + handle->crypt_ctx_finish ? handle->crypt_ctx_finish : my_aes_crypt_finish; + + encryption_handler.encryption_encrypted_length_func= + handle->encrypted_length ? handle->encrypted_length : get_length; encryption_handler.encryption_key_get_func= handle->get_key; @@ -81,17 +79,11 @@ int initialize_encryption_plugin(st_plugin_int *plugin) encryption_handler.encryption_key_get_latest_version_func= handle->get_latest_key_version; // must be the last - init_io_cache_encryption(); - return 0; } int finalize_encryption_plugin(st_plugin_int *plugin) { - encryption_handler.encryption_encrypt_func= no_crypt; - encryption_handler.encryption_decrypt_func= no_crypt; - encryption_handler.encryption_key_id_exists_func= has_key_id; - encryption_handler.encryption_key_version_exists_func= has_key_version; encryption_handler.encryption_key_get_func= (uint (*)(uint, uint, uchar*, uint*))no_key; encryption_handler.encryption_key_get_latest_version_func= no_key; @@ -104,7 +96,6 @@ int finalize_encryption_plugin(st_plugin_int *plugin) if (encryption_manager) plugin_unlock(NULL, encryption_manager); encryption_manager= 0; - init_io_cache_encryption(); return 0; } @@ -144,8 +135,9 @@ static uint scheme_get_key(st_encryption_scheme *scheme, goto ret; /* Now generate the local key by encrypting IV using the global key */ - rc = my_aes_encrypt_ecb(scheme->iv, sizeof(scheme->iv), key->key, &key_len, - global_key, global_key_len, NULL, 0, 1); + rc = my_aes_crypt(MY_AES_ECB, ENCRYPTION_FLAG_ENCRYPT | ENCRYPTION_FLAG_NOPAD, + scheme->iv, sizeof(scheme->iv), key->key, &key_len, + global_key, global_key_len, NULL, 0); DBUG_ASSERT(key_len == sizeof(key->key)); @@ -169,7 +161,7 @@ int do_crypt(const unsigned char* src, unsigned int slen, struct st_encryption_scheme *scheme, unsigned int key_version, unsigned int i32_1, unsigned int i32_2, unsigned long long i64, - encrypt_decrypt_func crypt) + int flag) { compile_time_assert(ENCRYPTION_SCHEME_KEY_INVALID == (int)ENCRYPTION_KEY_VERSION_INVALID); @@ -197,8 +189,8 @@ int do_crypt(const unsigned char* src, unsigned int slen, int4store(iv + 4, i32_2); int8store(iv + 8, i64); - return crypt(src, slen, dst, dlen, key.key, sizeof(key.key), - iv, sizeof(iv), 1, scheme->key_id, key_version); + return encryption_crypt(src, slen, dst, dlen, key.key, sizeof(key.key), + iv, sizeof(iv), flag, scheme->key_id, key_version); } int encryption_scheme_encrypt(const unsigned char* src, unsigned int slen, @@ -208,7 +200,7 @@ int encryption_scheme_encrypt(const unsigned char* src, unsigned int slen, unsigned int i32_2, unsigned long long i64) { return do_crypt(src, slen, dst, dlen, scheme, key_version, i32_1, - i32_2, i64, encryption_handler.encryption_encrypt_func); + i32_2, i64, ENCRYPTION_FLAG_NOPAD | ENCRYPTION_FLAG_ENCRYPT); } @@ -219,5 +211,5 @@ int encryption_scheme_decrypt(const unsigned char* src, unsigned int slen, unsigned int i32_2, unsigned long long i64) { return do_crypt(src, slen, dst, dlen, scheme, key_version, i32_1, - i32_2, i64, encryption_handler.encryption_decrypt_func); + i32_2, i64, ENCRYPTION_FLAG_NOPAD | ENCRYPTION_FLAG_DECRYPT); } |